(Signal is for iPhone and iPads, and encrypts both voice and texts; RedPhone is the Android version of the voice product; TextSecure is the Android version of the text product.)

As Lee explains, the open source software group known as Open Whisper Systems, which makes all three, is gaining a reputation for combining trustworthy encryption with ease of use and mobile convenience.

Signal’s code is open source, meaning it can be inspected by experts, and the app also supports forward secrecy, so if an attacker steals your encryption key, they cannot go back and decrypt messages they may have collected in the past.

Using Signal and Red Phone means your voice conversations are always full scrambled. As Lee wrote:

Other apps with encryption tend to enter insecure modes at unpredictable times — unpredictable for many users, at least. Apple’s iMessage, for example, employs strong encryption, but only when communicating between two Apple devices and only when there is a proper data connection. Otherwise, iMessage falls back on insecure SMS messaging. iMessage also lacks forward secrecy and inspectable source code.

Signal also offers the ability for power users to verify the identity of the people they’re talking to, confirming that the encryption isn’t under attack. With iMessage, you just have to take Apple’s word for it.

The big announcements by Apple and Google last fall were about encrypting data on users’ phones, not the calls made by those phones.

Although regular phone calls on the iPhone are not encrypted, Apple’s extremely popular FaceTime service is encrypted by default, as is iMessage. So when you’re using those services (with another Apple user) your conversations are encrypted whether you knew it or not.

There are of course some caveats, as Lee writes:

It’s important to keep in mind that no technology is 100 percent secure, and an encrypted messaging app can only be as secure as the device you install it on. Intelligence agencies and other hackers can still exploit security bugs that have not been fixed, known as zero day exploits, to take over smartphones and bypass the encryption that privacy apps employ. But apps like Signal go a long way to making mass surveillance of billions of innocent people infeasible.

Photo illustration by Dan Froomkin and Connie Yu.

We depend on the support of readers like you to help keep our nonprofit newsroom strong and independent. Join Us